[libvirt] [PATCH] locking: don't create qemu-sanlock.conf file when QEMU isn't enabled
by Daniel P. Berrangé
The test targets result in the qemu-sanlock.conf file being created
when sanlock is enabled, even if QEMU is not enabled. As a result it
never gets cleaned up when distclean is run, breaking distcheck.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/locking/Makefile.inc.am | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Pushed as a build fix for when jansson isn't available (which turns
off QEMU)
diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am
index 649c769e00..f2eb2efb7b 100644
--- a/src/locking/Makefile.inc.am
+++ b/src/locking/Makefile.inc.am
@@ -156,10 +156,10 @@ sanlock_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF)
sanlock_la_LIBADD = -lsanlock_client libvirt.la ../gnulib/lib/libgnu.la
augeas_DATA += locking/libvirt_sanlock.aug
-augeastest_DATA += test_libvirt_sanlock.aug
-CLEANFILES += test_libvirt_sanlock.aug
if WITH_QEMU
+augeastest_DATA += test_libvirt_sanlock.aug
+CLEANFILES += test_libvirt_sanlock.aug
nodist_conf_DATA += locking/qemu-sanlock.conf
BUILT_SOURCES += locking/qemu-sanlock.conf
DISTCLEANFILES += locking/qemu-sanlock.conf
@@ -213,6 +213,7 @@ if WITH_SANLOCK
endif WITH_SANLOCK
if WITH_SANLOCK
+if WITH_QEMU
test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \
locking/qemu-sanlock.conf $(AUG_GENTEST)
$(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< $@
@@ -221,6 +222,9 @@ check-augeas-sanlock: test_libvirt_sanlock.aug
$(AM_V_GEN)if test -x '$(AUGPARSE)'; then \
'$(AUGPARSE)' -I $(srcdir)/locking test_libvirt_sanlock.aug; \
fi
+else ! WITH_QEMU
+check-augeas-sanlock:
+endif ! WITH_QEMU
else ! WITH_SANLOCK
check-augeas-sanlock:
endif ! WITH_SANLOCK
--
2.17.1
6 years, 4 months
[libvirt] [PATCH v2 0/3] Introduce new video model type 'none'
by Erik Skultety
v1 here https://www.redhat.com/archives/libvir-list/2018-June/msg01793.html
Since v1:
- there were only small fixes needed as per the review
- decided not to split the patch as requested by the reviewer because the first
patch would contain 90% of the changes, both in qemu driver and domain_conf to
make the test suite happy (PCI address auto-assignment issues) and a single
hunk in qemu_command.c in the second patch to actually enable the feature -
this just wasn't worth doing, better keep it together in this case
- added some tiny reword patch 1
- added a news update
Erik Skultety (3):
docs: Rephrase the mediated devices hostdev section a bit
conf: Introduce new video type 'none'
docs: news: Provide an update about the video type 'none'
docs/formatdomain.html.in | 23 ++++++---
docs/news.xml | 14 ++++++
docs/schemas/domaincommon.rng | 1 +
src/conf/domain_conf.c | 55 ++++++++++++++++------
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 14 ++++--
src/qemu/qemu_domain.c | 3 ++
src/qemu/qemu_domain_address.c | 10 ++++
tests/domaincapsschemadata/full.xml | 1 +
.../video-invalid-multiple-devices.xml | 33 +++++++++++++
tests/qemuxml2argvdata/video-none-device.args | 27 +++++++++++
tests/qemuxml2argvdata/video-none-device.xml | 39 +++++++++++++++
tests/qemuxml2argvtest.c | 4 +-
tests/qemuxml2xmloutdata/video-none-device.xml | 42 +++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
15 files changed, 243 insertions(+), 25 deletions(-)
create mode 100644 tests/qemuxml2argvdata/video-invalid-multiple-devices.xml
create mode 100644 tests/qemuxml2argvdata/video-none-device.args
create mode 100644 tests/qemuxml2argvdata/video-none-device.xml
create mode 100644 tests/qemuxml2xmloutdata/video-none-device.xml
--
2.14.4
6 years, 4 months
[libvirt] [PATCH v4 00/10] Enable vfio-pci 'property' for mediated device
by Erik Skultety
RFC here:
https://www.redhat.com/archives/libvir-list/2018-May/msg02218.html
Since v1 [1]:
- remodeled egl-headless to be a standalone graphics element instead of a
result of some automagic with graphic's <gl> element
- pushed the first 5 simple fixes that were RB'd
- fixed some nits raised during review
Since v2 [2]
- converted the 'display' and 'egl-headless' PostParse callbacks in patches 2
and 6 to Validate callbacks as they should have been since the beginning (see
the RFC)
- some minor nits
- added a standalone patch substituting some 'error' labels with 'cleanup' as
requested during review
Since v3 [3]:
- all of the patches got a RB, but there were some comments that made me send
another version
- the only major change was to move the default 'display' choice from
qemu_command.c back to a PostParse callback, so now we format display='off' by
default to every domain that utilized an mdev
[1] https://www.redhat.com/archives/libvir-list/2018-June/msg01740.html
[2] https://www.redhat.com/archives/libvir-list/2018-July/msg00485.html
[3] https://www.redhat.com/archives/libvir-list/2018-July/msg00698.html
Erik Skultety (9):
qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc
qemu: caps: Introduce a capability for egl-headless
qemu: Introduce a new graphics display type 'headless'
qemu: caps: Add vfio-pci.display capability
conf: Introduce virDomainGraphicsDefHasOpenGL helper
conf: Replace 'error' with 'cleanup' in
virDomainHostdevDefParseXMLSubsys
conf: Introduce new <hostdev> attribute 'display'
qemu: command: Enable formatting vfio-pci.display option onto cmdline
docs: Update news about the VNC console enablement for mdevs
Katerina Koukiou (1):
docs: formatdomain: unify naming for CPUs/vCPUs
docs/formatdomain.html.in | 137 ++++++++++++------
docs/news.xml | 10 ++
docs/schemas/domaincommon.rng | 8 ++
src/conf/domain_conf.c | 106 +++++++++++---
src/conf/domain_conf.h | 5 +
src/libvirt_private.syms | 1 +
src/libxl/libxl_conf.c | 1 +
src/qemu/qemu_capabilities.c | 10 ++
src/qemu/qemu_capabilities.h | 4 +
src/qemu/qemu_command.c | 23 ++-
src/qemu/qemu_domain.c | 154 ++++++++++++++++++++-
src/qemu/qemu_driver.c | 2 +
src/qemu/qemu_hotplug.c | 1 +
src/qemu/qemu_process.c | 4 +
src/vmx/vmx.c | 1 +
tests/domaincapsschemadata/full.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 +
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 +
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 +
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 +
tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 +
tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 +
tests/qemuxml2argvdata/graphics-egl-headless.args | 26 ++++
tests/qemuxml2argvdata/graphics-egl-headless.xml | 31 +++++
.../qemuxml2argvdata/graphics-sdl-egl-headless.xml | 35 +++++
.../graphics-spice-egl-headless.args | 31 +++++
.../graphics-spice-egl-headless.xml | 36 +++++
.../graphics-spice-invalid-egl-headless.xml | 37 +++++
.../graphics-vnc-egl-headless.args | 28 ++++
.../qemuxml2argvdata/graphics-vnc-egl-headless.xml | 37 +++++
.../hostdev-mdev-display-missing-graphics.xml | 35 +++++
...v-display-spice-egl-headless.x86_64-latest.args | 37 +++++
.../hostdev-mdev-display-spice-egl-headless.xml | 40 ++++++
...ev-mdev-display-spice-opengl.x86_64-latest.args | 36 +++++
.../hostdev-mdev-display-spice-opengl.xml | 41 ++++++
...dev-display-vnc-egl-headless.x86_64-latest.args | 37 +++++
.../hostdev-mdev-display-vnc-egl-headless.xml | 40 ++++++
.../hostdev-mdev-display-vnc.x86_64-latest.args | 36 +++++
.../qemuxml2argvdata/hostdev-mdev-display-vnc.xml | 39 ++++++
tests/qemuxml2argvdata/hostdev-mdev-display.xml | 39 ++++++
tests/qemuxml2argvtest.c | 24 ++++
.../graphics-spice-egl-headless.xml | 44 ++++++
.../graphics-vnc-egl-headless.xml | 42 ++++++
tests/qemuxml2xmloutdata/hostdev-mdev-display.xml | 47 +++++++
tests/qemuxml2xmltest.c | 3 +
51 files changed, 1214 insertions(+), 73 deletions(-)
create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.args
create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-sdl-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-spice-egl-headless.args
create mode 100644 tests/qemuxml2argvdata/graphics-spice-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-spice-invalid-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-egl-headless.args
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-missing-graphics.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-egl-headless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-opengl.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-opengl.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc-egl-headless.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc-egl-headless.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc.x86_64-latest.args
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc.xml
create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display.xml
create mode 100644 tests/qemuxml2xmloutdata/graphics-spice-egl-headless.xml
create mode 100644 tests/qemuxml2xmloutdata/graphics-vnc-egl-headless.xml
create mode 100644 tests/qemuxml2xmloutdata/hostdev-mdev-display.xml
--
2.14.4
6 years, 4 months
[libvirt] [PATCH] Add DOMAIN_MEMORY_STAT_DISK_CACHES constant
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
domain.go | 1 +
domain_compat.h | 6 ++++++
2 files changed, 7 insertions(+)
Pushed as a build fix
diff --git a/domain.go b/domain.go
index cc0285b..6a9e2a1 100644
--- a/domain.go
+++ b/domain.go
@@ -377,6 +377,7 @@ const (
DOMAIN_MEMORY_STAT_RSS = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_RSS)
DOMAIN_MEMORY_STAT_USABLE = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_USABLE)
DOMAIN_MEMORY_STAT_LAST_UPDATE = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_LAST_UPDATE)
+ DOMAIN_MEMORY_STAT_DISK_CACHES = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_DISK_CACHES)
DOMAIN_MEMORY_STAT_NR = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_NR)
)
diff --git a/domain_compat.h b/domain_compat.h
index 345505c..f23670c 100644
--- a/domain_compat.h
+++ b/domain_compat.h
@@ -1046,4 +1046,10 @@ int virDomainGetLaunchSecurityInfoCompat(virDomainPtr domain,
#define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement"
#endif
+/* 4.6.0 */
+
+#ifndef VIR_DOMAIN_MEMORY_STAT_DISK_CACHES
+#define VIR_DOMAIN_MEMORY_STAT_DISK_CACHES 10
+#endif
+
#endif /* LIBVIRT_GO_DOMAIN_COMPAT_H__ */
--
2.17.1
6 years, 4 months
[libvirt] [perl PATCH] Add VIR_DOMAIN_MEMORY_STAT_DISK_CACHES constant
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
Changes | 2 +-
lib/Sys/Virt.xs | 5 +++++
lib/Sys/Virt/Domain.pm | 4 ++++
3 files changed, 10 insertions(+), 1 deletion(-)
Pushed as a build fix
diff --git a/Changes b/Changes
index 74bbb22..4c77425 100644
--- a/Changes
+++ b/Changes
@@ -2,7 +2,7 @@ Revision history for perl module Sys::Virt
4.6.0 2018-00-00
- - XXX
+ - Add VIR_DOMAIN_MEMORY_STAT_DISK_CACHES
4.5.0 2018-07-03
diff --git a/lib/Sys/Virt.xs b/lib/Sys/Virt.xs
index 40134d3..14967d7 100644
--- a/lib/Sys/Virt.xs
+++ b/lib/Sys/Virt.xs
@@ -5850,6 +5850,10 @@ memory_stats(dom, flags=0)
case VIR_DOMAIN_MEMORY_STAT_USABLE:
(void)hv_store (RETVAL, "usable", 6, virt_newSVll(stats[i].val), 0);
break;
+
+ case VIR_DOMAIN_MEMORY_STAT_DISK_CACHES:
+ (void)hv_store (RETVAL, "disk_caches", 11, virt_newSVll(stats[i].val), 0);
+ break;
}
}
Safefree(stats);
@@ -9040,6 +9044,7 @@ BOOT:
REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_RSS, MEMORY_STAT_RSS);
REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_LAST_UPDATE, MEMORY_STAT_LAST_UPDATE);
REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_USABLE, MEMORY_STAT_USABLE);
+ REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_DISK_CACHES, MEMORY_STAT_DISK_CACHES);
REGISTER_CONSTANT_STR(VIR_DOMAIN_BLOCK_IOTUNE_TOTAL_BYTES_SEC, BLOCK_IOTUNE_TOTAL_BYTES_SEC);
diff --git a/lib/Sys/Virt/Domain.pm b/lib/Sys/Virt/Domain.pm
index 284c38c..8eee18c 100644
--- a/lib/Sys/Virt/Domain.pm
+++ b/lib/Sys/Virt/Domain.pm
@@ -3903,6 +3903,10 @@ Amount of usable memory
Time of last stats refresh from guest
+=item Sys::Virt::Domain::MEMORY_STAT_DISK_CACHES
+
+Disk cache size
+
=back
=head2 DOMAIN LIST CONSTANTS
--
2.17.1
6 years, 4 months
[libvirt] [PATCH] test: Implement virConnectListAllInterfaces
by Cole Robinson
This adds some generic virinterfaceobj code, roughly matching what
is used by other stateful drivers like network, storage, etc.
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/conf/virinterfaceobj.c | 105 +++++++++++++++++++++++++++++++++++++
src/conf/virinterfaceobj.h | 7 +++
src/libvirt_private.syms | 1 +
src/test/test_driver.c | 15 ++++++
4 files changed, 128 insertions(+)
diff --git a/src/conf/virinterfaceobj.c b/src/conf/virinterfaceobj.c
index a1d7346eb2..87ce188117 100644
--- a/src/conf/virinterfaceobj.c
+++ b/src/conf/virinterfaceobj.c
@@ -241,6 +241,111 @@ virInterfaceObjListFindByName(virInterfaceObjListPtr interfaces,
return obj;
}
+#define MATCH(FLAG) (flags & (FLAG))
+static bool
+virInterfaceMatch(virInterfaceObjPtr obj,
+ unsigned int flags)
+{
+ /* filter by active state */
+ if (MATCH(VIR_CONNECT_LIST_INTERFACES_FILTERS_ACTIVE) &&
+ !((MATCH(VIR_CONNECT_LIST_INTERFACES_ACTIVE) &&
+ virInterfaceObjIsActive(obj)) ||
+ (MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) &&
+ !virInterfaceObjIsActive(obj))))
+ return false;
+
+ return true;
+}
+#undef MATCH
+
+
+struct virInterfaceObjListData {
+ virConnectPtr conn;
+ virInterfacePtr *ifaces;
+ virInterfaceObjListFilter filter;
+ unsigned int flags;
+ int nifaces;
+ bool error;
+};
+
+static int
+virInterfaceObjListPopulate(void *payload,
+ const void *name ATTRIBUTE_UNUSED,
+ void *opaque)
+{
+ struct virInterfaceObjListData *data = opaque;
+ virInterfaceObjPtr obj = payload;
+ virInterfacePtr iface = NULL;
+
+ if (data->error)
+ return 0;
+
+ virObjectLock(obj);
+
+ if (data->filter &&
+ !data->filter(data->conn, obj->def))
+ goto cleanup;
+
+ if (!virInterfaceMatch(obj, data->flags))
+ goto cleanup;
+
+ if (!data->ifaces) {
+ data->nifaces++;
+ goto cleanup;
+ }
+
+ if (!(iface = virGetInterface(data->conn, obj->def->name, obj->def->mac))) {
+ data->error = true;
+ goto cleanup;
+ }
+
+ data->ifaces[data->nifaces++] = iface;
+
+ cleanup:
+ virObjectUnlock(obj);
+ return 0;
+}
+
+
+int
+virInterfaceObjListExport(virConnectPtr conn,
+ virInterfaceObjListPtr ifaceobjs,
+ virInterfacePtr **ifaces,
+ virInterfaceObjListFilter filter,
+ unsigned int flags)
+{
+ int ret = -1;
+ struct virInterfaceObjListData data = {
+ .conn = conn, .ifaces = NULL, .filter = filter, .flags = flags,
+ .nifaces = 0, .error = false };
+
+ virObjectRWLockRead(ifaceobjs);
+ if (ifaces && VIR_ALLOC_N(data.ifaces,
+ virHashSize(ifaceobjs->objsName) + 1) < 0)
+ goto cleanup;
+
+ virHashForEach(ifaceobjs->objsName, virInterfaceObjListPopulate, &data);
+
+ if (data.error)
+ goto cleanup;
+
+ if (data.ifaces) {
+ /* trim the array to the final size */
+ ignore_value(VIR_REALLOC_N(data.ifaces, data.nifaces + 1));
+ *ifaces = data.ifaces;
+ data.ifaces = NULL;
+ }
+
+ ret = data.nifaces;
+ cleanup:
+ virObjectRWUnlock(ifaceobjs);
+ while (data.ifaces && data.nifaces)
+ virObjectUnref(data.ifaces[--data.nifaces]);
+
+ VIR_FREE(data.ifaces);
+ return ret;
+}
+
void
virInterfaceObjListDispose(void *obj)
diff --git a/src/conf/virinterfaceobj.h b/src/conf/virinterfaceobj.h
index 799d38038f..33d2dda05d 100644
--- a/src/conf/virinterfaceobj.h
+++ b/src/conf/virinterfaceobj.h
@@ -82,4 +82,11 @@ virInterfaceObjListGetNames(virInterfaceObjListPtr interfaces,
char **const names,
int maxnames);
+int
+virInterfaceObjListExport(virConnectPtr conn,
+ virInterfaceObjListPtr ifaceobjs,
+ virInterfacePtr **ifaces,
+ virInterfaceObjListFilter filter,
+ unsigned int flags);
+
#endif /* __VIRINTERFACEOBJ_H__ */
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e688981c3e..ec5ed0cc81 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -961,6 +961,7 @@ virInterfaceObjGetDef;
virInterfaceObjIsActive;
virInterfaceObjListAssignDef;
virInterfaceObjListClone;
+virInterfaceObjListExport;
virInterfaceObjListFindByMACString;
virInterfaceObjListFindByName;
virInterfaceObjListGetNames;
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index 5494d51017..951d9c4151 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -3828,6 +3828,20 @@ testConnectListDefinedInterfaces(virConnectPtr conn,
}
+static int
+testConnectListAllInterfaces(virConnectPtr conn,
+ virInterfacePtr **ifaces,
+ unsigned int flags)
+{
+ testDriverPtr privconn = conn->privateData;
+
+ virCheckFlags(VIR_CONNECT_LIST_INTERFACES_FILTERS_ACTIVE, -1);
+
+ return virInterfaceObjListExport(conn, privconn->ifaces, ifaces,
+ NULL, flags);
+}
+
+
static virInterfacePtr
testInterfaceLookupByName(virConnectPtr conn,
const char *name)
@@ -6944,6 +6958,7 @@ static virInterfaceDriver testInterfaceDriver = {
.connectListInterfaces = testConnectListInterfaces, /* 0.7.0 */
.connectNumOfDefinedInterfaces = testConnectNumOfDefinedInterfaces, /* 0.7.0 */
.connectListDefinedInterfaces = testConnectListDefinedInterfaces, /* 0.7.0 */
+ .connectListAllInterfaces = testConnectListAllInterfaces, /* 4.6.0 */
.interfaceLookupByName = testInterfaceLookupByName, /* 0.7.0 */
.interfaceLookupByMACString = testInterfaceLookupByMACString, /* 0.7.0 */
.interfaceGetXMLDesc = testInterfaceGetXMLDesc, /* 0.7.0 */
--
2.17.1
6 years, 4 months
[libvirt] [PATCHv2] examples: Add clean-traffic-gateway into nwfilters
by Ales Musil
The filter purpose is to simulate isolated private VLAN.
The behavior can be achieved by limiting network traffic
to traffic between VM and gateway. Because there is no
concept of the PVLAN in the linux bridge.
The filter also contains parts from clean-traffic
to prevent VM from spoofing its IP and MAC address.
To use this filter the user just needs to set
the GATEWAY_MAC variable to gateway MAC address.
Signed-off-by: Ales Musil <amusil(a)redhat.com>
---
examples/xml/nwfilter/clean-traffic-gateway.xml | 34 +++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 examples/xml/nwfilter/clean-traffic-gateway.xml
diff --git a/examples/xml/nwfilter/clean-traffic-gateway.xml b/examples/xml/nwfilter/clean-traffic-gateway.xml
new file mode 100644
index 0000000..b8c2040
--- /dev/null
+++ b/examples/xml/nwfilter/clean-traffic-gateway.xml
@@ -0,0 +1,34 @@
+<filter name='clean-traffic-gateway'>
+ <!-- An example of a traffic filter enforcing clean traffic
+ from a VM by
+ - preventing MAC spoofing -->
+ <filterref filter='no-mac-spoofing'/>
+
+ <!-- preventing IP spoofing on outgoing -->
+ <filterref filter='no-ip-spoofing'/>
+
+ <!-- preventing ARP spoofing/poisoning -->
+ <filterref filter='no-arp-spoofing'/>
+
+ <!-- accept all other incoming and outgoing ARP traffic -->
+ <rule action='accept' direction='inout' priority='-500'>
+ <mac protocolid='arp'/>
+ </rule>
+
+ <!-- accept traffic only from specified MAC address -->
+ <rule action='accept' direction='in'>
+ <mac match='yes' srcmacaddr='$GATEWAY_MAC'/>
+ </rule>
+
+ <!-- allow traffic only to specified MAC address -->
+ <rule action='accept' direction='out'>
+ <mac match='yes' dstmacaddr='$GATEWAY_MAC'/>
+ </rule>
+
+ <!-- preventing any other traffic than between specified MACs
+ and ARP -->
+ <filterref filter='no-other-l2-traffic'/>
+
+ <!-- allow qemu to send a self-announce upon migration end -->
+ <filterref filter='qemu-announce-self'/>
+</filter>
--
1.8.3.1
6 years, 4 months
[libvirt] [PATCH 0/3] support VLan for virtual network based on 8021q kernel module
by Shi Lei
Support VLan for virtual network based on 8021q kernel module other than ovs backend.
Insert vlan-device into the datapath of the network traffic:
(outside of host) <--> physical_interface <--> vlan-dev(with VLAN-Tag) <--> bridge <--> guests
Then VLAN-Tag will be applied to the guest's network traffic.
The VLan network acts as real layer-2 switch which provides 'access' port to guest.
1. Create VLan network by setting mode='vlan' on the forward element, for example:
...
<network>
<name>vlan10</name>
<forward mode="vlan" dev="eth0"/>
<vlan>
<tag id="10"/>
</vlan>
</network>
...
The mode attribute of <forward> should be 'vlan' (this patch added).
The dev attribute of <forward> specifies a physical interface
which forwards traffice between this VLan-network and outside.
The id attribue of the vlan tag indicates VLAN-Tag. Both vlan element
and tag element should be unique in this xml.
A guest connects to this VLan network by setting its xml like this:
<interface type='network'>
<source network='vlan10'/>
</interface>
2. We can enable dhcp for VLan network according to the current way, for example:
...
<network>
...
<ip address="192.168.126.2" netmask="255.255.255.0">
<dhcp>
<range start="192.168.126.120" end="192.168.126.129"/>
</dhcp>
</ip>
</network>
...
3. This can help to build Cross-Host VLan network for guests. We can simplify
the work to implement vlan-net of management app (e.g. OpenStack).
1) Distribute the xml of VLan network to all hosts, then 'virsh net-create ...' on each host locally.
2) Makesure the outside switch's port linked to the physical interface (specified by the dev of <forward>) is 'trunk' mode.
3) For each VLan network, ONLY one host can 'net-create' network with ip and dhcp element to avoid dhcp conflict.
Shi Lei (3):
add functions: load(verify) 8021q module, create/destroy vlan-dev
support new forward mode of vlan for virtual network
fix other functions to add VIR_NETWORK_FORWARD_VLAN
configure.ac | 5 +-
src/conf/domain_conf.c | 1 +
src/conf/network_conf.c | 12 ++-
src/conf/network_conf.h | 1 +
src/conf/virnetworkobj.c | 1 +
src/libvirt_private.syms | 4 +
src/network/bridge_driver.c | 80 ++++++++++++++++--
src/qemu/qemu_process.c | 1 +
src/util/virnetdev.c | 195 ++++++++++++++++++++++++++++++++++++++++++++
src/util/virnetdev.h | 14 ++++
10 files changed, 301 insertions(+), 13 deletions(-)
--
2.7.4
6 years, 4 months
[libvirt] [PATCH 0/4] qemu: vnc: switch to tls-creds-x509
by Ján Tomko
Ján Tomko (4):
tests: qemu: Remove disk from graphics-vnc-tls
FIXDOWN: copy graphics-vnc-tls args to versioned paths
tests: qemu: test more versions for graphics-vnc-tls
qemu: vnc: switch to tls-creds-x509
src/qemu/qemu_command.c | 26 +++++++++++++----
tests/qemuxml2argvdata/graphics-vnc-tls.args | 2 --
.../graphics-vnc-tls.x86_64-2.4.0.args | 28 ++++++++++++++++++
.../graphics-vnc-tls.x86_64-latest.args | 33 ++++++++++++++++++++++
tests/qemuxml2argvdata/graphics-vnc-tls.xml | 6 ----
tests/qemuxml2argvtest.c | 2 ++
tests/qemuxml2xmloutdata/graphics-vnc-tls.xml | 6 ----
7 files changed, 83 insertions(+), 20 deletions(-)
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-2.4.0.args
create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args
--
2.16.1
6 years, 4 months
[libvirt] [PATCH] spec: remove libcgroup and cgconfig
by Pavel Hrdina
RHEL-6/CentOS-6 is no longer supported, let's remove dependency on
libcgroup and code that enables/starts cgconfig service.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1602407
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
libvirt.spec.in | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 6f0d399064..6f360c5579 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -80,7 +80,6 @@
# A few optional bits off by default, we enable later
%define with_fuse 0%{!?_without_fuse:0}
-%define with_cgconfig 0%{!?_without_cgconfig:0}
%define with_sanlock 0%{!?_without_sanlock:0}
%define with_systemd 0%{!?_without_systemd:0}
%define with_numad 0%{!?_without_numad:0}
@@ -216,11 +215,6 @@
%endif
%endif
-# Pull in cgroups config system
-%if %{with_qemu} || %{with_lxc}
- %define with_cgconfig 0%{!?_without_cgconfig:1}
-%endif
-
# Force QEMU to run as non-root
%define qemu_user qemu
%define qemu_group qemu
@@ -496,9 +490,6 @@ Requires: polkit >= 0.112
%else
Requires: polkit >= 0.93
%endif
-%if %{with_cgconfig}
-Requires: libcgroup
-%endif
%ifarch %{ix86} x86_64 ia64
# For virConnectGetSysinfo
Requires: dmidecode
@@ -1490,16 +1481,6 @@ if [ $1 -eq 1 ] ; then
fi
%endif
%else
- %if %{with_cgconfig}
-# Starting with Fedora 16/RHEL-7, systemd automounts all cgroups,
-# and cgconfig is no longer a necessary service.
- %if 0%{?rhel} && 0%{?rhel} < 7
-if [ "$1" -eq "1" ]; then
-/sbin/chkconfig cgconfig on
-fi
- %endif
- %endif
-
/sbin/chkconfig --add libvirtd
/sbin/chkconfig --add virtlogd
/sbin/chkconfig --add virtlockd
--
2.17.1
6 years, 4 months
